The gap between the best- and worst-performing cyber insurers will widen next year, according to the head of cyber risk analytics specialist CyberCube.
CyberCube CEO Pascal Millaire (pictured above) predicted that the spread between the loss ratios of top-quintile carriers and bottom-quintile carriers would widen in 2022. Millaire attributed the predicted shift to differing underwriting strategies for managing what has been a challenging market for cyber insurers globally.
“Those cyber insurers who exited 2021 with more of a ‘business as usual’ mindset will not be as well-positioned as those who exited 2021 with a call to action to dramatically improve underwriting standards,” Millaire said. “There will be a greater spread between high- and low-performing carriers from a loss ratio perspective in 2022. In 2021, many carriers doubled down on more rigorous underwriting standards, increased use of data-driven underwriting tools and instituted disciplined underwriting strategies that resulted in them walking away from unattractive accounts. This approach will pay dividends over the coming year.”
Millaire and other CyberCube experts also predicted that 2022 would see alternative capital providing more capacity for the cyber insurance market. Rebecca Bole, CyberCube head of industry engagement, said there was potential for the development of a cyber insurance-linked securities market in 2022 to alleviate the catastrophic financial impact of cyber-related events.
Michael Millette, managing partner at Hudson Structured Capital Management and board director at CyberCube, said there was currently a “capacity crunch” for cyber insurance.
“In order for the industry to reach its long-term growth projections, there’s a hypothesis that we’re going to need more capital available to take on this risk than is currently available within the insurance and reinsurance markets,” Millette said. “The capital that we need is a combination of capital for ‘regular’ cyber and for ‘cyber cat.’
“The industry is doing a good job forming capital for regular cyber – companies are entering the cyber space, and we’ve seen a rapid expansion of managing general agents (MGAs) and skilled modelling firms. That collective can bear the current level of cyber premiums. We’ve seen a series of fairly small and experimental placements of cyber retro in the capital markets, maybe totalling a few hundred million dollars. That will grow with time.”
Retired Adm. Michael S. Rogers, former director of the NSA and former commander of US Cyber Command, warned that the future could see cyber criminals hacking corporate systems in order to manipulate data rather than steal it.
“It’s just a matter of time before we start to see data manipulation,” Rogers said. “So far, actors have locked down data and extracted it. I’m curious if that not only continues, but we start to see potential data manipulation where an adversary gains access and starts to make changes to data in a way that perhaps you don’t recognise initially, and that becomes the vector for ransom and extortion.”
CyberCube predicted that next year would see cyber criminals focusing on attacking supply-chain vulnerabilities and so-called single points of failure – widely used cloud-based services whose failure could potentially affect millions of users at once.